From what I understand (admittedly not much), to use spectre you've got to have local access, and to use meltdown, you can do it over a network if you can figure out a way to crack into a box to install the malware. As of two days ago google says they haven't seen anyone attacking anywhere using either. So for the moment I'm not going to worry about it. I am thinking seriously about changing my home LAN's firewall from Intel/Linux to Sparc/Solaris tho...

Project:Temporarily lost at sea...Plan:World domination! Or something...

@vishnu: My firewall currently is Dodoid's box. =p I'm not sure whether the Odroid box is affected though. The problem with non-x86 things is the super high energy consumption. Hardware I have laying around, but my power bill is already too high as it is.

It _is_ vulnerable to Spectre. It's not clear whether IBM will offer firmware patches for it yet.

source: tested my own system with the PoC

Hurrah for my POWER5 then.

Not necessarily: POWER4 (and then most likely also PowerPC 970 and derivatives) and POWER5 make use of out-of-order and speculative execution, whereas POWER6 uses in-order execution.

Yes. The 970 is definitely vulnerable, so the POWER4 is also almost certainly vulnerable, and if the POWER6 is, then I would be surprised if the POWER5 weren't. Even though the POWER6 is in-order, it still speculates; out-of-order execution only has to do with how instructions are issued.

Any performance processor used branch prediction, speculative execution, and out of order execution. Before attacks were based on them they were the best tools to reduce memory latency - the major performance inhibiter in any high performance system.

Assuming google could even detect this, they’re never going to admit it. A vendors first response is always “none of our other customers have this problem”. It’s like “I never had any contact with Russia”, you know how that turned out - EVERYONE had contact with Russia. Lies make the world go round.